new file mode 100644
@@ -0,0 +1,60 @@
+From 6ba36f159fd396ad11bf6b7874554197736ecc8b Mon Sep 17 00:00:00 2001
+From: Su_Laus <sulau@freenet.de>
+Date: Sat, 2 Aug 2025 18:55:54 +0200
+Subject: [PATCH] tiff2ps: check return of TIFFGetFiled() for
+ TIFFTAG_STRIPBYTECOUNTS and TIFFTAG_TILEBYTECOUNTS to avoid NULL pointer
+ dereference.
+
+Closes #718
+
+CVE: CVE-2025-8534
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/6ba36f159fd396ad11bf6b7874554197736ecc8b]
+
+Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
+---
+ tools/tiff2ps.c | 20 +++++++++++++++++---
+ 1 file changed, 17 insertions(+), 3 deletions(-)
+
+diff --git a/tools/tiff2ps.c b/tools/tiff2ps.c
+index a598ede..05a346a 100644
+--- a/tools/tiff2ps.c
++++ b/tools/tiff2ps.c
+@@ -2193,10 +2193,20 @@ PS_Lvl2page(FILE* fd, TIFF* tif, uint32_t w, uint32_t h)
+ tiled_image = TIFFIsTiled(tif);
+ if (tiled_image) {
+ num_chunks = TIFFNumberOfTiles(tif);
+- TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc);
++ if (!TIFFGetField(tif, TIFFTAG_TILEBYTECOUNTS, &bc))
++ {
++ TIFFError(filename,
++ "Can't read bytecounts of tiles at PS_Lvl2page()");
++ return (FALSE);
++ }
+ } else {
+ num_chunks = TIFFNumberOfStrips(tif);
+- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++ {
++ TIFFError(filename,
++ "Can't read bytecounts of strips at PS_Lvl2page()");
++ return (FALSE);
++ }
+ }
+
+ if (use_rawdata) {
+@@ -2791,7 +2801,11 @@ PSRawDataBW(FILE* fd, TIFF* tif, uint32_t w, uint32_t h)
+
+ (void) w; (void) h;
+ TIFFGetFieldDefaulted(tif, TIFFTAG_FILLORDER, &fillorder);
+- TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc);
++ if (!TIFFGetField(tif, TIFFTAG_STRIPBYTECOUNTS, &bc))
++ {
++ TIFFError(filename, "Can't read bytecounts of strips at PSRawDataBW()");
++ return;
++ }
+
+ /*
+ * Find largest strip:
+--
+2.40.0
+
@@ -60,6 +60,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2025-8176-0003.patch \
file://CVE-2025-8177.patch \
file://CVE-2024-13978.patch \
+ file://CVE-2025-8534.patch \
"
SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1b37ac8"